From ef92be31cc7f18656b0d84f47df5ee1c36b05c4f Mon Sep 17 00:00:00 2001 From: Philippe PITTOLI Date: Sat, 18 May 2024 12:58:04 +0200 Subject: [PATCH] Talk a bit more about mlock and mprotect. --- graphs/graphs.ms | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/graphs/graphs.ms b/graphs/graphs.ms index 2fbcd98..a747f52 100644 --- a/graphs/graphs.ms +++ b/graphs/graphs.ms @@ -888,11 +888,14 @@ However, a few security mechanisms exist to prevent data leak or data modificati .B "Preventing data leak" . Since DODB is a library, any attack on the application using it can lead to a data leak. For the moment, any part of the application can access data stored in memory. -Operating systems provide system calls to protect parts of the allocated memory: +Operating systems provide system calls to protect parts of the allocated memory. +For instance, .FUNCTION_CALL mlock -prevents a region of memory from being put in the swap, +prevents a region of memory from being put in the swap, which may lead to a data leak. +Also, .FUNCTION_CALL mprotect -prevents the application itself to access part of its own memory unless +prevents the application itself to access part of its own memory; +the idea is to read (or write) memory only once you ask for it via a syscall, so you cannot access it from anywhere by mistake (or after an attack). .TBD .B "Discussion on security, not related to DODB" .
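Review bot: the description of mprotect in this hunk is slightly misleading: "read (or write) memory only once you ask for it via a syscall" suggests the data is read through a syscall, whereas mprotect changes the page permissions of a region (for example to PROT_NONE while the data is at rest, then back to PROT_READ or PROT_WRITE just before the application touches it), and the access itself is an ordinary memory access that faults if the permission is missing. Consider rewording the added line to something like "the application removes access rights on that region with mprotect and restores them only around the code that legitimately needs the data, so an accidental or attacker-controlled access elsewhere faults instead of succeeding". Two smaller points: "prevents the application itself to access" should read "prevents the application itself from accessing", and the mlock sentence would be more accurate with a caveat that it only keeps the pages out of swap and does not by itself stop the data from appearing in a core dump, so it reduces one leak path rather than preventing data leak in general. The .TBD marker left after the paragraph still needs to be resolved before this section is final.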